Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Mageia 8 Security Update: MGASA-2022-0031 Addresses Integer Overflows

mageia
Calendar Grey January 25, 2022
Dist Mageia Esm H88
MGASA-2022-0042 resolves urgent matters found in Locum, tackling several buffer overflows and memory allocation anomalies.
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, o...

Summary

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). (CVE-2021-45960)
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. (CVE-2021-46143)
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (CVE-2022-22822)
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (CVE-2022-22823)
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (CVE-2022-22824)
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (CVE-2022-22825)
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (CVE-2022-22826)
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (CVE-2022-22827)

References

- https://bugs.mageia.org/show_bug.cgi?id=29902

- https://blog.hartwork.org/posts/expat-2-4-3-released/

- https://github.com/libexpat/libexpat/blob/R_2_4_3/expat/Changes

- https://www.cve.org/CVERecord?id=CVE-2021-45960

- https://www.cve.org/CVERecord?id=CVE-2021-46143

- https://www.cve.org/CVERecord?id=CVE-2022-22822

- https://www.cve.org/CVERecord?id=CVE-2022-22823

- https://www.cve.org/CVERecord?id=CVE-2022-22824

- https://www.cve.org/CVERecord?id=CVE-2022-22825

- https://www.cve.org/CVERecord?id=CVE-2022-22826

- https://www.cve.org/CVERecord?id=CVE-2022-22827

Topics%20covered

Topics Covered

security advisory integer overflow memory management expat mageia

Resolution

SRPMS

- 8/core/expat-2.2.10-1.1.mga8

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 25 Jan 2022
URL: https://advisories.mageia.org/MGASA-2022-0031.html
Type: security
CVE: CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827

Topics%20covered

Topics Covered

security advisory integer overflow memory management expat mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here